From: Matthijs Mekking Date: Tue, 12 Jan 2010 11:06:36 +0000 (+0000) Subject: bug 289 X-Git-Tag: release-1.6.4~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=52a41575fff6be344cec8e11a0b4044d4ede55ec;p=thirdparty%2Fldns.git bug 289
---
diff --git a/dnssec.c b/dnssec.c
index ab6d2d72..c39985f9 100644
--- a/dnssec.c
+++ b/dnssec.c
@@ -166,6 +166,9 @@ ldns_dnssec_nsec3_closest_encloser(ldns_rdf *qname,
 flag = true;
 } else if (exact_match_found && flag) {
 result = ldns_rdf_clone(sname);
+ /* RFC 5155: 8.3. 2.** "The proof is complete" */
+ ldns_rdf_deep_free(hashed_sname);
+ goto done;
 } else if (exact_match_found && !flag) {
 /* error! */
 ldns_rdf_deep_free(hashed_sname);
diff --git a/dnssec_verify.c b/dnssec_verify.c
index 9b50d45f..c7cd2688 100644
--- a/dnssec_verify.c
+++ b/dnssec_verify.c
@@ -1411,7 +1411,7 @@ ldns_dnssec_verify_denial_nsec3(ldns_rr *rr, ldns_status result = LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED; rrsigs = rrsigs; - + zone_name = ldns_dname_left_chop(ldns_rr_owner(ldns_rr_list_rr(nsecs,0))); /* section 8.4 */
@@ -1425,7 +1425,7 @@ ldns_dnssec_verify_denial_nsec3(ldns_rr *rr, (void) ldns_dname_cat(wildcard, closest_encloser); for (i = 0; i < ldns_rr_list_rr_count(nsecs); i++) { - hashed_wildcard_name = + hashed_wildcard_name = ldns_nsec3_hash_name_frm_nsec3(ldns_rr_list_rr(nsecs, 0), wildcard );
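Review bot: In the dnssec.c hunk, the new early exit in the `exact_match_found && flag` branch of ldns_dnssec_nsec3_closest_encloser() leaves through `goto done` without checking what `ldns_rdf_clone(sname)` returned, so an allocation failure would presumably hand back a NULL `result`, the same value a caller sees when no closest encloser was proven. That fails closed only if every caller treats NULL as a validation failure, and the context line `(void) ldns_dname_cat(wildcard, closest_encloser);` in the dnssec_verify.c hunk discards a status at the point where the value is used, so that path is worth confirming. The added comment cites the RFC step but not why the branch must stop; assuming the enclosing loop keeps walking shorter ancestors, something like `/* RFC 5155 8.3: the first exact match after a covering NSEC3 is the closest encloser; stop so a later iteration cannot replace result */` would record the reason. The function body and the `done:` label lie outside the hunk, so the cleanup done there cannot be checked from here, and the commit adds no regression test for the NSEC3 denial case it fixes.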